Getting Personal With Port Scanners

Purdue University Professor of Computer Sciences Gene Spafford, Ph.D., a recognized leader in the computer field, said, “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards—and even then I have my doubts.” Since this isn’t a feasible security approach, most of us take less dramatic precautions to keep our systems as safe as we can get them. Or do we?

Despite the implementation of anti-virus software, firewalls and intrusion detection or prevention systems, breaches still occur. These can happen for any number of complex reasons. However, a breach can also be the result of something as simple as a misconfigured firewall. A tried-and-true method for avoiding this type of oversight is to periodically test your computer systems for security holes.

Enter port scanners. These important tools should be part of everyone’s computer security arsenal, as they help reveal vulnerabilities in both computers and networks. In fact, system administrators are constantly advised and reminded to check their systems for possible security holes, such as those that arise from services that might be unintentionally (or just unnecessarily) running. In some cases, these services might be Trojans, rootkits or spyware that permit outside parties to access your systems.

When it comes to checking your ports, you need not go very far. The most common host-based tool for checking ports on Windows or UNIX systems is the built-in Netstat command. To use the Netstat command on Windows-based systems, for example, open a command (DOS) prompt and enter the command Netstat -a. (This lists all open connections going to and from your PC.)

If you need something a bit more exotic, take a look at Nmap (Network Mapper). Nmap takes the guesswork out of keeping tabs on your network. Designed with large networks in mind, Nmap can handle quick scans of those networks, but it also works well with smaller, single-host networks. Nmap examines raw IP packets to determine what operating systems (and versions) are running, as well as which firewalls and filters have been engaged. It also determines what hosts are available on the network and which applications (including the name and version) they’re presenting. Nmap software is available at no charge (in both console and graphical versions) and can be used by most computers. If you’re interested in more information or if you want to download a copy, visit www.insecure.org/nmap/.

GFI LANguard Network Security Scanner is another handy tool for checking ports. By analyzing the operating system and the applications running on your network, GFI LANguard N.S.S. identifies possible security holes. In other words, it plays devil’s advocate and alerts you to weaknesses before a hacker can find them, enabling you to deal with those issues before they can be exploited. Visit www.gfi.com for additional details.

If a port scanner is all you need, look no further than the Advanced Port Scanner by Famatech, a small, fast and easy-to-use port scanner for the Windows platform. On faster computers, you can scan ports in just a few seconds. It has descriptions for the most common ports and can perform scans on predefined port ranges. To download a copy, visit www.radmin.com/download/.

Although there are more than 65,000 ports available for Internet use, the majority of these are not in use at any given time. Blocking unused ports and services is the foundation upon which you should construct an effective security barrier. When employed by system administrators, port scanners can help detect unused open ports. If you discover any connection that you don’t recognize, you should probably track down the system process that’s using that connection. To do this under Windows, you can use a handy freeware program called TCPView, which can be downloaded at www.sysinternals.com. If you discover that a computer may have been infected by a rootkit or backdoor Trojan, you should immediately disconnect any compromised systems from the Internet and company network by removing all network cables, modem connections and wireless network interfaces, and then scan them using anti-virus and anti-spyware utilities.
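The check described above, as an added example that is not part of the original article: this Python script parses Windows netstat -ano output (the -n and -o switches add numeric addresses and the owning process ID) and lists listening ports that are missing from an approved baseline. The sample output and the baseline are constructed for illustration.

```python
# Added example: audit listening ports from `netstat -ano` output (Windows format).
# SAMPLE is constructed for illustration; APPROVED is a hypothetical baseline.
import re

SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3388
  TCP    [::]:3389              [::]:0                 LISTENING       1216
  UDP    0.0.0.0:5353           *:*                                    2040
"""

# Assumed baseline: the (protocol, port) pairs this host is expected to expose.
APPROVED = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}

# Proto, local address:port, foreign address, optional state, PID.
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)

def parse_listeners(text):
    """Return (proto, address, port, pid) for every listening socket."""
    listeners = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column headers, blank lines
        proto, addr, port, _foreign, state, pid = m.groups()
        # UDP rows have no State column; a bound UDP socket counts as listening.
        if proto == "UDP" or state == "LISTENING":
            listeners.append((proto, addr, int(port), int(pid)))
    return listeners

def unexpected(listeners, approved):
    """Listeners whose (proto, port) pair is not in the approved baseline."""
    return [s for s in listeners if (s[0], s[2]) not in approved]

if __name__ == "__main__":
    for proto, addr, port, pid in unexpected(parse_listeners(SAMPLE), APPROVED):
        print(f"review {proto} {addr}:{port} (PID {pid})")
```

The PID on each flagged row is the value to look up in TCPView when tracking down the process that owns the port.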

Boiled down, port scanners can be used to play devil’s advocate and alert system administrators or network security personnel that they have failed to adequately secure their network. Running a scanner against the network brings any open and unused ports to light, allowing the administrator to take action and close or secure them.

Douglas Schweitzer, A+, Network+, i-Net+, CIW, is an Internet security specialist and the author of “Securing the Network From Malicious Code” and “Incident Response: Computer Forensics Toolkit.” He can be reached at dschweitzer@certmag.com.